
Criminal Defence for the Effective Compliance Exemption (Art. 31 bis 2 CP)
Judicial accreditation of an effective compliance program to obtain criminal liability exemption for the legal entity.
Last updated:
The effective compliance exemption (Art. 31 bis 2 CP) is the only way for the legal entity to completely avoid criminal conviction when an offense has been committed within it. Having a document called "Compliance Manual" is not enough: the Supreme Court, in STS 154/2016 and later rulings, has consolidated that only materially effective and prior compliance excludes the company's culpability.
Cumulative Requirements of Art. 31 bis 2 CP
The exemption requires proving the four requirements simultaneously:
- Prior program: Adopted and executed before the commission of the offense, not afterwards.
- Autonomous body: Compliance Officer or Compliance Committee with autonomous powers of initiative and control. Its independence is scrutinized by the court.
- Fraudulent circumvention: The individual author circumvented the program fraudulently and deliberately. If the offense was possible due to defects of the program itself, there is no exemption.
- Absence of supervisory omission: The control body exercised its functions in a real and sufficient manner, not merely formally.
Autonomous Compliance Officer with Resources
The court does not accept a figurehead. The Compliance Officer (or committee) must enjoy genuine autonomous powers of initiative and control, backed by an own budget, sufficient staff and a direct reporting line to the board —not to the very executive whose area is being controlled. Real independence is proven with hard evidence: committee minutes, prior cases in which the program was actually applied, and a documented capacity to investigate and escalate. Without resources, autonomy is fictitious and the exemption fails, because a control body that cannot act is indistinguishable from no control at all.
Fraudulent Circumvention of the Program
This is the requirement most often litigated. The exemption presupposes that the material author deliberately and covertly circumvented a working program —concealing information, falsifying documents or bypassing established controls— rather than simply taking advantage of the program's own gaps. The distinction is decisive: if the offence was possible because the model had holes, the company shares the blame and there is no exemption; if the author had to defeat real, functioning controls to commit it, the program proves its effectiveness. Our defence reconstructs, document by document, exactly how the controls were evaded.
Post-Event Forensic Audit
When the imputation is notified, the criminal law firm must immediately activate a forensic audit of the program: review of Compliance Committee minutes, training delivered, complaints received and processed, risk assessments, controls applied to the specific area where the act occurred. This audit results in a technical expert report filed in the proceedings as exonerating evidence. The quality of this report is usually decisive for the court to grant exemption or mitigation.
Evidence Strategy at Trial
Exemption is won with evidence, not assertions. The strategy combines a documentary snapshot of the program in force —captured with a certified date to prevent any allegation of after-the-fact manufacturing—, an expert report assessing it against recognised standards (UNE 19601, ISO 37301) and the testimony of the Compliance Officer on the program's day-to-day operation. Where the four requirements are fully met the result is the acquittal of the legal entity; where they are only partially met, the same evidence supports the highly qualified mitigation of Art. 31 quater CP, with a one- or two-degree reduction. Exemption of the company never exempts the individual material author.
The six requirements of an effective model (Art. 31 bis 5 CP)
The exemption is not earned by merely having a programme, but by proving the model was adequate and effective before the offence. Article 31 bis 5 of the Criminal Code sets the minimum content that must be evidenced: first, identifying the activities in whose scope the offences to be prevented may be committed, that is, a real criminal-risk map specific to the company rather than a generic template. Second, establishing protocols or procedures that articulate how the legal entity forms its will, adopts decisions and executes them. These two pillars turn the model into a genuine prevention tool instead of a decorative document.
Third, having financial-resource management models adequate to prevent the offences to be prevented, avoiding, for instance, opaque funds or parallel accounts. Fourth, imposing a duty to report possible risks and breaches to the body charged with overseeing the model, which connects directly to the internal whistleblowing channel. Fifth, establishing a disciplinary system that adequately sanctions breaches of the measures. And sixth, carrying out a periodic verification of the model and modifying it when material breaches come to light or when changes occur in the organisation, its control structure or its activity.
Adequacy is judged ex ante and effectiveness ex post. A well-designed model that is never applied, with no training, no traceability of its operation and no sanctions for breaches, will struggle to pass judicial scrutiny. The defence therefore relies on documentary evidence: minutes, training records, monitoring reports, disciplinary files and risk-map reviews. Partially evidencing these requirements is not worthless, because it allows the company to invoke mitigation where the full standard for exemption is not reached.
The autonomous oversight body and the burden of proving the exemption
Article 31 bis 2 CP requires that oversight of the model's operation and compliance be entrusted to a body with autonomous powers of initiative and control. That autonomy is functional and material: the compliance officer or compliance body must have resources, access to information and the capacity to act without depending on those who could commit or conceal the offence. In small legal entities, the law allows these functions to be assumed directly by the management body, adapting the requirement to the firm's actual size. What matters is not the organisation chart but that oversight genuinely exists and is effectively exercised.
The exemption only operates if the statutory conditions concur together: an adequate model adopted and effectively implemented before the offence, oversight entrusted to that autonomous body, commission of the offence by the perpetrator fraudulently evading the model, and no omission or insufficient exercise of the oversight and control functions. If the offence was possible because supervision failed, the evasion ceases to be fraudulent and the exemption falls away. That is why the defence documents both the design of the model and the concrete conduct of the compliance body.
In practice, the party invoking the exemption must provide elements supporting the adequacy and effectiveness of the model, without this displacing the presumption of innocence or shifting onto the company the proof of the offence itself. The strategy is to build a solid evidentiary file from the very start of the investigation, anticipating the judicial assessment. Proving the existence, implementation and real operation of the programme is what separates the full exemption from the mere mitigation provided for in Article 31 bis 2 in fine and in Article 31 quater CP.
The investigated legal entity: procedural status, its own defence and the company's plea
When proceedings are directed against the company, it acquires the status of an investigated party with rights of its own, distinct from those of its directors or employees. The legal entity appoints its own procedural representation and counsel, who must be independent of anyone with conflicting interests: an administrator or worker charged in an individual capacity cannot simultaneously assume the company's defence where a conflict of interest exists, because the firm's line of defence, centred on demonstrating its prevention model, may be opposed to that of the natural person.
The criminal liability of the legal entity is autonomous from that of the natural person (Article 31 ter CP): the company may be convicted even if the specific physical perpetrator is not identified, even if that person has died, is in default of appearance or is acquitted for personal reasons. This autonomy requires the corporate defence to be built around its own subject matter, the existence, adequacy and effectiveness of the organisation and management model, and not merely around the fate of the investigated director. They are two planes of liability assessed separately.
The legal entity may reach its own plea agreement, distinct from that of the natural persons, allowing the organisation to contain its criminal exposure according to its strategy and the available evidence. Deciding between maintaining the exemption, negotiating a plea or invoking mitigating factors is a technical assessment that depends on the strength of the compliance programme and the stage of the investigation. An early, orderly and documentarily supported defence is what preserves the company's options before its procedural position closes.
Whistleblowing channel (Law 2/2023), internal investigations and succession in M&A
Law 2/2023 of 20 February, on the protection of whistleblowers, requires companies with fifty or more workers to have an internal information system, with a confidential and even anonymous channel, managed by a designated person notified to the Independent Whistleblower Protection Authority. This channel is not merely a regulatory obligation: it feeds the fourth requirement of Article 31 bis 5 CP, reinforces the effectiveness of the criminal-compliance model and protects the reporter against retaliation. An operational channel, with deadlines, traceability and guarantees against reprisal, is relevant evidence in support of the exemption.
Internal investigations triggered by a report must respect the rights of the affected employees so that the evidence obtained is lawful and usable in the criminal proceedings. Prior information on data processing, proportionality of the measures, respect for privacy and dignity, and the possibility of legal assistance are conditions that delimit the validity of interviews, access to devices and review of corporate communications. A poorly conducted internal investigation may taint the evidence and weaken the very model the company sought to rely on.
The criminal liability of the legal entity is not extinguished by its transformation, merger, absorption or division (Article 130.2 CP): it transfers to the resulting entity, with the penalty modulated according to the proportion the original entity bears to the new one. This makes criminal due diligence an essential element of any M&A transaction, because the acquiring company may inherit past criminal contingencies. The penalties applicable to the legal entity are set out in Article 33.7 CP and include a fine, dissolution, suspension of activities, closure of premises, prohibition of activities, disqualification from public subsidies and contracts, and judicial intervention, which measures the importance of an effective compliance programme.
Penalties & Consequences: Criminal Defence for the Effective Compliance Exemption (Art. 31 bis 2 CP)
| Type / Scenario | Criminal Penalty |
|---|---|
| Total exemption (Art. 31 bis 2 CP) | Acquittal of the legal entity. Does not exempt the individual material author. |
| Highly qualified mitigation (Art. 31 quater CP) | 1 or 2 degrees of penalty reduction. Possibility of symbolic fine and avoidance of interdictory penalty. |
| Without compliance or cooperation | Full penalty: proportional fine, dissolution, suspension, judicial intervention and disqualification for public contracts. |
* Penalties shown are indicative. The actual penalty depends on case circumstances, applicable mitigating and aggravating factors.
Defense Strategy: Criminal Defence for the Effective Compliance Exemption (Art. 31 bis 2 CP)
Documentary Snapshot of the Program
Immediate certified-date capture of all compliance documentation in force at the time of the act.
UNE-ISO 37301 Expert Report
File a technical expert report evaluating the program against internationally recognized standards (UNE 19601, ISO 37301).
Defense Through Proven Circumvention
Documentarily reconstruct how the material author bypassed existing controls, evidencing the fraudulent nature of the act.
Economic Criminal Law in Spain: Tax Fraud, Money Laundering and Corporate Crimes
Economic criminal law encompasses the most severe financial penalties in the Spanish Criminal Code. Tax fraud over €120,000 (Art. 305 CP), money laundering (Art. 301 CP), and corporate crimes (Art. 290-297 CP) are complex offenses where defense requires a combination of criminal law expertise and deep accounting/financial knowledge.
Penalty Comparison: Economic Offenses
| Offense | Threshold | Penalty |
|---|---|---|
| Tax Fraud (Art. 305) | >€120,000 | 1 – 5 years + fine x6 |
| Aggravated Tax Fraud | >€600,000 | 2 – 6 years |
| Money Laundering (Art. 301) | Any amount | 6 months – 6 years |
| Aggravated Laundering | Organized/financial system | Up to 9 years |
| Corporate Crime (Art. 290) | Balance sheet falsification | 1 – 3 years |
| Punishable Insolvency (Art. 259) | Fraudulent bankruptcy | 1 – 4 years |
Key Defense Strategies
Tax Regularization Defense (Art. 305.4 CP)
Pay the full tax debt before charges are formally filed and the crime is extinguished. This is the most powerful complete defense in tax fraud cases.
Challenge the €120K Threshold
The tax authority's calculation method is often contestable. Independent forensic accounting can challenge the assessed figure below the criminal threshold.
Money Laundering 'Self-laundering' Issues
Spanish courts have debated whether the primary offender can also be convicted of laundering their own proceeds. Challenge the double jeopardy implications.
Corporate Crime: Harm to Company vs. Shareholders
Art. 295 corporate crimes require actual financial harm to the company or its members. Demonstrate that any loss was speculative or absent.
Why Choose Us?
Need a criminal defense lawyer for this type of offense? Here's how we work:
Do you need specialised legal assistance?
The judicial system is complex. We have the criminal-law specialisation and technical resources required to take on the defence.